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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on March 
13, 2008 has been entered. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on March 13, 2008 was 
filed after the mailing date of the Final Rejection on January 8, 2008. The submission is 
in compliance with the provisions of 37 CFR 1 .97. Accordingly, the information 
disclosure statement is being considered by the examiner. 

Response to Arguments 

3. Applicant's arguments filed March 13, 2008 have been fully considered but they 
are not persuasive. In response to applicant's argument that there is no suggestion to 
combine the references, the examiner recognizes that obviousness can only be 
established by combining or modifying the teachings of the prior art to produce the 
claimed invention where there is some teaching, suggestion, or motivation to do so 
found either in the references themselves or in the knowledge generally available to one 
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of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 
1988)and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, 
the motivation to combine is to facilitate future requests without re-verifying user 
credentials (column 2, lines 35-41). The fact that He pre-dates Hermann is irrelevant. 

Claim Rejections - 35 USC § 103 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

5. Claims 1 - 3, 7, 1 0 - 1 4, 1 8, 23, 24, 28 and 29 are rejected under 35 

U.S.C. 103(a) as being unpatentable over Herrmann, in view of He and further in view 
of Rosen US Patent 5,557,518. 

6. Referring to claim 1, Herrmann teaches: 

a. A client seeking access to a network (page 7, paragraph 63). 

b. A policy server that performs checks to confirm the client meets with 
applicable rules (page 8, paragraph 69). 

c. An Integrity Gateway (IGW) server that allows access to those with the 
appropriate configuration and denies access to those without it (page 8, 
paragraph 67). 

7. Herrmann does not explicitly disclose providing proof to the client if the manifests 
were passed. However, He discloses providing a general ticket to the user for verifying 
user credentials and then using that ticket to access resources (column 2, lines 35-46). 
Herrmann and He are analogous art because they are from the same field of endeavor, 
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security management. At the time of the invention, it would have been obvious to one of 
ordinary skill in the art, having the teachings of Herrmann and He before him or her, to 
modify the manifests of checks of Herrmann to include providing a ticket of He. The 
suggestion/motivation for doing so would have been to facilitate future requests without 
re-verifying user credentials (column 2, lines 35-41). 

8. Hermann in view of He does not explicitly disclose that the client periodically 
requests that the proof be updated by the first server, regardless of further requests for 
access to the network resource. However, Rosen discloses updating the credential 
information remotely (column 27, lines 62-65). Hermann, He and Rosen are analogous 
art because they are from the same field of endeavor, credentials. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Hermann in view of He and Rosen before him or her, to modify the system 
of Hermann in view of He to include the updating of Rosen. The suggestion/motivation 
for doing so would have been that it is desirable to periodically update the credentials 
(column 27, lines 42-43). 

9. Referring to claim 2, Herrmann teaches checking for installed virus software 
(page 8, paragraph 68). 

10. Referring to claim 3, Herrmann teaches that delegates on the client computer 
perform the security checks (page 11-12, paragraph 94). 

1 1 . Referring to claim 7, Herrmann teaches that the client is directed to the second 
server after the checks are failed (page 12, paragraph 96). 
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12. Referring to claim 10, Herrmann teaches that after an inventory of software 
(security policy check), that the server redirects the client to a website to download the 
appropriate fix (page 10, paragraph 79). 

1 3. Referring to claim 1 1 , Herrmann teaches that the policy server acts as a 
mediator between the client and the second server (figure 4) and acts as a firewall for 
the IGW (page 8, paragraph 69). 

14. Referring to claim 12, Herrmann teaches that the first and second server can be 
part of the same computing device (page 8, paragraph 69). 

15. Referring to claim 13, Herrmann teaches: 

d. Receiving a manifest of checks from the policy server that determine a 
configuration (page 1 1 , paragraph 94). 

e. Performing the checks and forwarding the results to the policy server 
(pages 11-12, paragraph 94). 

f. The client connects to the NAS to request access (page 7, paragraph 63) 
which forwards the request to the IGW server (page 8, paragraph 66). 

g. The client's proof of configuration is forwarded through the first server to 
the second server (page 12, paragraph 95). 

16. Herrmann does not explicitly disclose receiving proof at the client of the required 
configuration and passing the proof onto the second server. However, He discloses 
providing a general ticket to the user for verifying user credentials and then using that 
ticket to access resources (column 2, lines 35-46). Herrmann and He are analogous art 
because they are from the same field of endeavor, security management. At the time of 
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the invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Herrmann and He before him or her, to modify the manifests of checks of 
Herrmann to include providing a ticket of He. The suggestion/motivation for doing so 
would have been to facilitate future requests without re-verifying user credentials 
(column 2, lines 35-41). 

1 7. Hermann in view of He does not explicitly disclose that the client periodically 
requests that the proof be updated by the first server, regardless of further requests for 
access to the network resource. However, Rosen discloses updating the credential 
information remotely (column 27, lines 62-65). Hermann, He and Rosen are analogous 
art because they are from the same field of endeavor, credentials. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Hermann in view of He and Rosen before him or her, to modify the system 
of Hermann in view of He to include the updating of Rosen. The suggestion/motivation 
for doing so would have been that it is desirable to periodically update the credentials 
(column 27, lines 42-43). 

18. Referring to claim 14, Herrmann teaches: 

h. Receiving a request for software inventory from the first server (page 8, 
paragraph 68). 

i. Receiving the software necessary and installing it (page 10, paragraph 
79). 

19. Referring to claim 18, Herrmann teaches that the first and second server can be 
part of the same computing device (page 8, paragraph 69). 
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20. Referring to claim 23, Herrmann teaches: 

j. Receiving request to access a network resource at the first server (page 7, 
paragraph 63). 

k. Receiving at the first server proof of a required configuration (page 1 2, 
paragraph 95). 

I. If the proof is valid, access is permitted, if invalid then access is denied 
(page 12, paragraph 97). 

21 . Herrmann does not explicitly disclose validating the proof by comparing the proof 
with information from the trusted server. However, He discloses providing a ticket that is 
validated that it is the correct ticket by comparing the checksums (column 18, lines 13- 
47). Herrmann and He are analogous art because they are from the same field of 
endeavor, security management. At the time of the invention, it would have been 
obvious to one of ordinary skill in the art, having the teachings of Herrmann and He 
before him or her, to modify the manifests of checks of Herrmann to include providing a 
ticket of He. The suggestion/motivation for doing so would have been to facilitate future 
requests without re-verifying user credentials (column 2, lines 35-41). 

22. Hermann in view of He does not explicitly disclose periodically receiving requests 
that the proof be updated by the first server, regardless of further requests for access to 
the network resource. However, Rosen discloses updating the credential information 
remotely (column 27, lines 62-65). Hermann, He and Rosen are analogous art because 
they are from the same field of endeavor, credentials. At the time of the invention, it 
would have been obvious to one of ordinary skill in the art, having the teachings of 
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Hermann in view of He and Rosen before him or her, to modify the system of Hermann 
in view of He to include the updating of Rosen. The suggestion/motivation for doing so 
would have been that it is desirable to periodically update the credentials (column 27, 
lines 42-43). 

23. Referring to claim 24, if the proof is invalid the client is directed to download the 
appropriate fix to the problem (page 12, paragraph 97). 

24. Referring to claim 28, Herrmann teaches: 

m. Receiving a manifest of checks from a first server, wherein the checks 
determine whether the client possesses a required configuration of installed 
software (page 8, paragraph 69). 

n. Performing the checks in the manifest of checks and sending the results of 
the checks to the first server (pages 11-112, paragraph 94). 

25. Herrmann does not explicitly disclose receiving proof at the client, requesting 
access at a second server, providing proof to that second server and periodically 
updating that proof regardless of further requests for access to the network resources. 
However, He discloses: 

o. Receiving proof at the client (column 2, lines 35-36). 

p. Requesting access to a network resource and providing proof of the 

required configuration to the second server (column 2, lines 36-38). 

26. Herrmann and He are analogous art because they are from the same field of 
endeavor, security management. At the time of the invention, it would have been 
obvious to one of ordinary skill in the art, having the teachings of Herrmann and He 
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before him or her, to modify the manifests of checks of Herrmann to include providing a 
ticket and using it to access the resources of He. The suggestion/motivation for doing so 
would have been to facilitate future requests without re-verifying user credentials 
(column 2, lines 35-41). 

27. Hermann in view of He does not explicitly disclose that the client periodically 
requests that the proof be updated by the first server, regardless of further requests for 
access to the network resource. However, Rosen discloses updating the credential 
information remotely (column 27, lines 62-65). Hermann, He and Rosen are analogous 
art because they are from the same field of endeavor, credentials. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Hermann in view of He and Rosen before him or her, to modify the system 
of Hermann in view of He to include the updating of Rosen. The suggestion/motivation 
for doing so would have been that it is desirable to periodically update the credentials 
(column 27, lines 42-43). 

28. Referring to claim 29, Herrmann teaches: 

q. Receiving a manifest of checks from a first server, wherein the checks 
determine whether the client possesses a required configuration of installed 
software (page 8, paragraph 69). 

r. Performing the checks in the manifest of checks and sending the results of 
the checks to the first server (pages 11-112, paragraph 94). 
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29. Herrmann does not explicitly disclose receiving proof at the client, requesting 
access at a second server, validating the proof, updating the proof, and then providing 
proof to that second server. However, He discloses: 

s. Receiving and storing proof at the client (column 2, lines 35-36). 

t. Requesting access to a network resource at a second server (column 2, 

lines 36-38). 

u. Validating the proof (column 18, lines 42-46). 

v. If the proof is no longer valid, updating the proof (column 1 8, lines 42-46, 
column 2, lines 9-23). If the ticket is not correct then the user returns to the 
authentication server to get an updated correct ticket, 
w. Providing proof to the second server (column 2, lines 36-38). 

30. Herrmann and He are analogous art because they are from the same field of 
endeavor, security management. At the time of the invention, it would have been 
obvious to one of ordinary skill in the art, having the teachings of Herrmann and He 
before him or her, to modify the manifests of checks of Herrmann to include providing a 
ticket and using the ticket to access the resources of He. The suggestion/motivation for 
doing so would have been to facilitate future requests without re-verifying user 
credentials (column 2, lines 35-41). 

31 . Hermann in view of He does not explicitly disclose that the client periodically 
requests that the proof be updated by the first server, regardless of further requests for 
access to the network resource. However, Rosen discloses updating the credential 
information remotely (column 27, lines 62-65). Hermann, He and Rosen are analogous 
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art because they are from the same field of endeavor, credentials. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Hermann in view of He and Rosen before him or her, to modify the system 
of Hermann in view of He to include the updating of Rosen. The suggestion/motivation 
for doing so would have been that it is desirable to periodically update the credentials 
(column 27, lines 42-43). 

32. Claims 4, 5, 8, 9, 15 - 17, 25 and 26 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Herrmann in view of He, in view of Rosen, and further in view 
of Yoko Saito et al's US Patent 6,275,941. Referring to claims 4, 5, 15, 16, and 25 
Herrmann in view of He in view of Rosen discloses all the limitations of the parent 
claims and the passing of the response back to the server (Herrmann, page 12, 
paragraph 94). Herrmann in view of He in view of Rosen does not appear to explicitly 
disclose issuing a certificate and storing it in a database. However, Saito discloses: 

x. Issuing a certificate to the client (column 5, lines 21-22), 

y. Passing the certificate to the server for authentication (column 7, lines 21 - 

23), 

z. Comparing the certificate to the original (column 7, lines 33-35). While it 
does not explicitly disclose that the certificate is stored, it is inherent from the 
ability to compare it to the original. 

33. Steps n and p above teach claim 4. Steps o and p above teach claim 5. Step n 
above teaches claim 15. Step o above teaches claim 16. Step n teaches claim 25. 



Application/Control Number: 10/823,686 Page 12 

Art Unit: 2132 

34. Herrmann in view of He in view of Rosen and Saito are analogous art because 
they are from the same field of endeavor, security management. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Herrmann in view of He in view of Rosen and Saito before him or her, to 
modify Herrmann in view of He in view of Rosen to include certificates and storage of 
Saito. The motivation for doing so would have been that you can use single sign on 
(column 1, lines 50-51). 

35. Referring to claims 8, 9, 17, and 26 Herrmann in view of He in view of Rosen 
discloses all the limitations of the parent claim as well as storing a unique identifier for 
the user (He, column 16, lines 28-29). Herrmann in view of He in view of Rosen does 
not appear to explicitly disclose issuing a certificate, and storing it in a database and 
using a unique identifier to identify the storage. However, Saito teaches: 

aa. Issuing a certificate to the client (column 5, lines 21-22), 

bb. Passing the certificate to the server for authentication (column 7, lines 21 - 

23), 

cc. Comparing the certificate to the original (column 7, lines 33-35). While it 
does not explicitly disclose that the certificate is stored, it is inherent from the 
ability to compare it to the original. 

dd. Storing the certificate in a second database as well (column 8, lines 53- 
54). 

36. Steps q, and t teach claim 8. Steps q, s, and t teach claim 9. Step s is executed 
using the unique identifier of He teaches claims 17 and 26. 
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37. Herrmann in view of He in view of Rosen and Saito are analogous art because 
they are from the same field of endeavor, security management. At the time of the 
invention, it would have been obvious to one of ordinary skill in the art, having the 
teachings of Herrmann in view of He in view of Rosen and Saito before him or her, to 
modify Herrmann in view of He in view of Rosen to include certificates and storage of 
Saito. The motivation for doing so would have been that you can use single sign on 
(column 1, lines 50-51). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CORDELIA KANE whose telephone number is 
(571 )272-7771 . The examiner can normally be reached on Monday - Thursday 8:00 - 
5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Primary Examiner, Art Unit 2132 



